Cloudsmith has always retained deleted packages for 7 days before permanently removing them — but until now, restoring a deleted package required contacting Cloudsmith support. The new “Recently deleted packages” view lets your team find and restore packages directly, whether they were removed manually, by a retention rule, or via a bulk action, without raising a support request…
Cloudsmith should adapt to the way you work, and today we're releasing a significant new feature to meet this objective - table personalization…
Upstream logs are now available in the web app. Each upstream's log shows successful requests from the last 12 hours and failed requests from the last 24 hours, making it easier to monitor activity and diagnose issues as they arise…
Teams with UK data residency requirements can now store artifacts on UK infrastructure. Select London as your storage region when creating a new repository, or transfer an existing one via a repository's Settings…
You can now connect multiple repositories to a single repository, giving your teams a single repo to pull every package they need. This allows you to organize your artifacts by Line of Business (LOB) while ensuring that shared internal libraries and vendor images are managed centrally and remain always available to the teams that need them…
We’ve released v2.0.0 of the Cloudsmith CircleCI Orb, bringing it to full feature parity with our GitHub Actions and Azure DevOps integrations. This update focuses on security through OIDC, improved reliability, and greater flexibility for your CI/CD workflows…
We’ve added support for the Wolfi ecosystem, alongside the ability to proxy and cache both Alpine and Wolfi packages from their public mirrors. For teams installing packages via APK, this provides a simpler, more reliable way to manage dependencies by using Cloudsmith as a single source for both public and private packages…
We’ve released a major update to the Cloudsmith VS Code extension, transforming it from a repository browser into a proactive part of your software supply chain security. By integrating security remediation, automated Infrastructure as Code (IaC) generation, and dependency health tracking directly into the IDE, we’ve eliminated the friction between writing code and managing a secure software supply chain…
Cloudsmith has introduced a new vulnerabilities command to the CLI, allowing users to retrieve package security scan results through a single command…
Upstream Trust prevents attackers from hijacking your internal package names in public repositories. By defining explicit trust boundaries, you ensure that once an artifact is identified as internal, it cannot be replaced by an untrusted externally-sourced version…